"In his excellent book on #surveillance, Bruce Schneier has pointed out we would never agree to carry tracking devices and report all our most intimate conversations if the government made us do it.
But under such a scheme, we would enjoy more legal protections than we have now. By letting ourselves be tracked voluntarily, we forfeit all protection against how that information is used.
Those who control the data gain enormous power over those who don't."
@strypey I'll read the book, which I don't think I've read yet.
In my opinion by all the evidence it seems impossible to regulate away surveillance capitalism culture, though I understand Schneier is an expert on pro-cybersecurity public policy changes (that fail to gain traction, amirite).
I think absolutely all people need to begin practicing long-standing, tried-and-true privacy measures. #GPG encryption of personal emails all the time. Take data out of corporate hands with #i2p#tor etc.
The world of public key cryptography with gpg is a fascinating pocket universe I would love to dig into more.
It's kinda sad that Keybase feels like the only hope of that ecosystem being usable by Mere Mortals and that company's future feels uncertain from here given their acquisition.
Many of the reasons described in the #letsEncrypt forum are true, which does not mean S/MIME is impossible to fix or use.
There is native support for S/MIME in many email clients both desktop and mobile/tablet, including most of the 'stock' clients installed by default in most of the devices, so this is not an issue.
I think the big problems are basically 2:
1.- Having a throwaway key and certificate every 30 days (as we do with Letsencrypt SSL/TLS) is very inconvenient because we would need to keep a long collection of them in order access old messages.
2.- People access their email from multiple devices, so syncing the private key securely across all of them becomes a challenge.
For the tech savvy, both problems are manageable:
1.- You can get a free S/MIME certificate from #Actalis valid for 1 year here:
Please read a very important reply to this post by @duxsco pointing out to the insecurity of the Actalis certificate, and providing a secure but not free alternative.
2.- You can manually add this certificate to all your devices and keep an encrypted/secure repository with all your old keys and certificates in case you need to access your archived email.
I've been doing exactly that for years and it is just fine for signing my email.
IMHO for 'fixing' the whole signing and encryption of emails, #OpenPGP is conceptually closer to be a more consistent solution, and I use it with everyone who understands it, but I have to admit that the ecosystems is far less ready than for S/MIME (you will need to use specialised apps or installed plugins, etc.), Thunderbird being a shining exception.
PGP has several very powerful advantages:
1.- You don't need a CA for the sole purpose of generating your keys.
2.- You can use the same keys for many years.
3.- People who really trust each other can sign each other's keys creating a web-of-trust.
4.- There is a free network of keyservers where you can upload your public keys and make them available to everyone.
5.- Most people these days have their own website, blog or social media account where they can publish their public keys for cases when they distrust the public servers. They can manually exchange them too.
In the long run I believe we should promote the adoption of OpenPGP instead of S/MIME, with more people using it, native support should follow.
I am not an expert though, so I'd love to hear from others too. 😊
It is so nice to finally have my whole company as well as my personal computers on hardware encryption, pgp key enabled, password store behibd pgp key, yubikey based pgp card, and ssh key using my pgp key through yubikey.
Other than being more secure it also means i dont need to backup my ssh keys or password store credentials, its all reproducable from my pgp keys.
danke für alles ❤️ nicht zuletzt deine gelebte Toleranz gegen meine Emacs-Affinität. #Schnitzelhaus (und vieles andere) will never be the same without you.